White House, Industry Giants Back Net Privacy Project

The Clinton administration has come out in support of the P3P.

By Lori Enos
06/22/00 12:00 AM PT

Over 30 leading technology companies, privacy advocates, and other organizations gathered in New York City Wednesday to demonstrate implementations of a new privacy platform from the World Wide Web Consortium (W3C).

The Platform for Privacy Preferences Project (P3P) allows Web sites to express their privacy practices in a standard format that can be retrieved and interpreted automatically by P3P user agents. The agents automate the disclosure process by releasing -- or not releasing -- personal information, according to preferences set by the individual person surfing the Net.

Thus, people surfing the Net and entering e-commerce transactions need not read the privacy policy of every site visited.

Although P3P provides a technical mechanism for checking a Web site's privacy policy before releasing personal information, it does not provide a technical mechanism for ensuring that a Web site actually complies with its stated privacy policies.

Industry and Government Support

The White House and the U.S Department of Commerce will be among the first sites to demonstrate the new technology. According to Clinton Press Secretary Joe Lockhart, "the White House is pleased to advance these goals by supporting an initiative that harnesses technology to protect privacy on the Internet."

During Wednesday's gathering, Microsoft announced that the next version of Windows and Internet Explorer will incorporate the new technology, and that its home page will also demonstrate the new technology.

America Online, AT&T, Hewlett-Packard, IBM and Procter and Gamble also announced Wednesday that their sites or portions of their sites are now P3P-compliant.

Interpreting Privacy Statements

Internet users have consistently ranked privacy as one of their top Web concerns. A recent survey by Internet market research firm @plan showed that 85 percent of Web surfers view privacy as the most important Internet issue.

Because of widespread concern, many Internet companies have posted privacy policies on their Web sites, but the policies are often difficult to find and understand.

According to the W3C, "users need to be able to know quickly and with confidence whether a company engages in information sharing practices that meet or conflict with their wishes."

P3P allows Web site owners to translate their privacy policies into easy to understand statements that can be automatically retrieved and interpreted by P3P-enabled browsers.

P3P Development Continues

The P3P standard is a working draft that represents the broadest technical consensus on how to design tools that enhance privacy and commerce on the Web, according to the W3C. It was created through the efforts of representatives from more than a dozen members of the W3C, including Microsoft, NCR, NEC, Nokia, and Citigroup, as well as private experts.

The W3C is an international industry consortium of over 420 organizations jointly run by the MIT Laboratory for Computer Science (MIT LCS) in the U.S., the National Institute for Research in Computer Science and Control (INRIA) in France and Keio University in Japan.

Organizers of Wednesday's event say that the experience of implementers around the world, including those participating at this interoperability session, will be critical in shaping the finished standard. Another interoperability session is scheduled for Europe in September.

Mechanism Criticized

Not all industry leaders are supportive of the new technology. Dr. Horst Joepen, CEO of Webwasher.com, a developer of Internet privacy technologies that is backed by German electronics giant Siemens, criticized the standard as "dead on arrival."

Joepen added, "Instead of responding to the growing demand for consumer privacy, by its very design, P3P seems more intent on satisfying Web sites' insatiable hunger for personal information."

Webwasher.com chief technology officer Roland Curry said, "Few Internet users today voluntarily prompt every Web site they visit with a standardized form containing sensitive personal information. Under P3P, your browser actively aggregates this kind of information, then distributes it in a nanosecond to any Web site that presents the 'password,' i.e., a compliant privacy statement."

Curry added, "Since no one ever verifies that Web sites actually conform to their stated policies, P3P effectively transforms your browser into a lockbox full of sensitive personal information that can be opened with a publicly available key."